Secure Login

The Password is Dead

Passwords can be either difficult to remember or too short to securely protect important accounts. Traditional password systems have not been able to keep up with the increasing number of accounts needed for various websites nowadays. Passwords should be unique and the same one should never be used for multiple accounts. This renders passwords insecure and impractical to use.

Nitrokey aims to replace passwords by utilising the following strong authentication procedures:

One Time Passwords (OTP)

One Time Passwords (OTP) are similar to TANs and are used as a secondary security measure in addition to ordinary passwords. OTPs protect against identity theft, which means that if your password is compromised your account is still secured by the Nitrokey. Using a small tray icon application, your Nitrokey generates OTPs which are required in order to log in to configured websites and applications. There is a growing list of websites which can be used with Nitrokey's OTPs. The supported protocols are the HMAC-based One-time Password Algorithm (HOTP, RFC 4226) and the Time-based One-time Password Algorithm (TOTP, RFC 6238), which are compatible with Google Authenticator.

Universal 2nd Factor (U2F)

Universal 2nd Factor (U2F) is very secure, super easy to use, and may become the successor to OTPs. U2F uses cryptographic challenges which are signed by the Nitrokey U2F device. Account-specific keys are used to prevent user tracking and to protect your privacy. U2F doesn't require an additional tray application because some web browsers already support Nitrokey U2F (Firefox, Google Chrome, Internet Explorer with plugin). U2F is a new standard and is so far only supported by a few websites, but its acceptance is increasing.

Client Certificate Authentication

You can use your Nitrokey to administer your servers securely via SSH, to access your Virtual Private Network via OpenVPN and to log in to some websites via HTTPS.

Password Safe

In cases where an ordinary password is required, Nitrokey provides a password safe to store passwords securely. It allows you to have individual passwords for each account and store them encrypted in the Nitrokey. A maximum of 16 passwords can be stored.

Email Encryption

Emails are readable like postcards

If you do not take additional precautions, random system administrators can easily access your emails. It is also possible that your emails have already been accessed and stored by intelligence services. Cybercriminals are increasingly targeting email servers in order to launch phishing attacks on businesses and individuals. Email encryption prevents attackers or unauthorised users from reading your private emails.

Nitrokey aims to make email encryption as easy as possible

Nitrokey stores your secret keys securely on the device and protects them from malware and physical attackers. Nitrokey can be used with various types of email encryption software both easily and with minimal modifications. Windows, MacOS and Linux are supported, and device drivers are either preinstalled or installed automatically. GnuPG works out of the box in conjunction with Nitrokey and supports OpenPGP and S/MIME formats. PKCS#11 drivers are provided for integration with S/MIME-supporting software. Among the supported applications are Mozilla Thunderbird, MS Outlook and GnuPG.

Supported email encryption standards: OpenPGP and S/MIME

Two different formats exist for email encryption: OpenPGP and S/MIME. OpenPGP is more popular for individual use, while S/MIME is predominantly used by businesses. Unlike most other USB dongles, Nitrokey supports both formats.

Encrypted Mobile Storage

Data Loss on USB drives

To avoid damage to data, and even subsequent lawsuits, it is necessary to encrypt all sensitive data that you carry with you. You don't want to find yourself dealing with the horrible potential consequences of data loss ([1], [2], [3]).

Insecure proprietary USB vendors

Hard disks and other equipment are routinely intercepted by the NSA en route from vendors to clients, and in the process are implanted with backdoors. With Nitrokey you can export the installed firmware and verify its integrity (or flash your own firmware).

In 2011 RSA Inc was hacked and the secret keys from all of their SecurID tokens were stolen, allowing attackers to circumvent the access control.

Encrypted Storage

The Nitrokey Storage contains an encrypted mass storage space with a capacity of up to 64 GB. To unlock the drive, simply enter your PIN and all of the encryption and decryption will be performed within the hardware device. This is theoretically more secure than a software solution and means that you no longer need to be dependent on an operating system. The device can be used with Windows, Linux and Mac OS X.

Hidden Volumes

Nitrokey Storage contains a feature which allows you to set up hidden volumes in addition to the primary encrypted storage. These hidden volumes are protected by an additional password and their existence cannot technically be proven. This allows you to deny the existence of any additional encrypted data, for example during border controls.

Hard Disk & File Encryption

If you have any private data stored on your computer or laptop, disk encryption is a must. With the Nitrokey you can use various disk encryption solutions. Your secret keys are stored securely on the Nitrokey device, which can be used similarly to a physical door key to unlock your computer. Among the supported solutions are TrueCrypt/VeraCrypt, Gnu Privacy Assistant and GnuPG. Microsoft Bitlocker and Linux disk encryption solutions should also work but have yet to be tested.

Server Protection

Protect your server certificates by using up to 43 ECC and 35 RSA keys with the Nitrokey HSM. Ideal for security servers.

Servers are vulnerable to a large range of attacks, are online 24 hours a day, and are sometimes poorly maintained. Most servers will at some point contain a remotely exploitable security flaw (for example, OpenSSL's Heartbleed bug). Even though you may not be able to secure your server 100%, you can keep your private keys out of reach of attackers and store them on the Nitrokey.

How Nitrokey works

Protect emails, files, hard drives, server certificates and online accounts using cryptography. Your private keys are always stored securely in the Nitrokey hardware and can't be stolen. The device is PIN-protected and is secured against brute force and hardware attacks. Backups protect against loss.

Nitrokey is better:

High Security

Your secret keys are stored in the tamper-resistant and PIN-protected device and are secured against computer viruses, loss and theft. RSA keys of up to 4096 bit and AES-256 are supported.

Made in Germany

Nitrokey is developed and produced in Germany, primarily in Berlin. For the sake of higher quality and security, we do not use cheap overseas manufacturing.

Independent Security Assessment

The auditing company Cure53 performed an intensive security review of the Nitrokey Storage. The security experts summarize their final result with "Nitrokey is capable of functioning properly and securely". The complete final report can be downloaded publicly (Firmware, Hardware).

Open Source

Complete USB plug

Unlike some competitors, Nitrokey contains a complete and standard-compliant USB plug. This ensures thousands of insertions without connectivity issues.

No Backdoors - No NSA

Installed firmware can be exported and verified, preventing attackers from inserting backdoors into products during shipping. Nitrokey is open-source and free of backdoors. Secret keys are generated only by you and we have no access to your private information.

Plausible Deniability

The only hardware solution with hidden encrypted storage. This allows you to plausibly deny the existence of encrypted data, for example during border controls.

Easy Integration

Nitrokey uses open interfaces to enable its easy integration with your personal requirements. Custom solutions can be provided on request.

Sustainability

All Nitrokeys contain as few toxic substances as possible (in accordance with RoHS directives), are designed for longevity (long service life and storage period in accordance with MTBF, MTTF) and contain no artificial predetermined breaking points. The compact design of our Nitrokeys minimizes the consumption of natural resources. As a result of a cooperation with the Technical University of Munich, we were able to analyze the worldwide supply chain of our electronics and improve our production processes.

To keep transport distances short and support regional economic cycles, we produce locally in Germany as far as possible and increasingly enter into regional cooperations.

Goods are shipped in plastic-free envelopes without disproportionate product packaging. We try to avoid unnecessary paper consumption, for example by sending invoices by e-mail.

Our servers run with electricity produced from renewable energy sources.

With our bank account at GLS Gemeinschaftsbank eG, the largest ethical-ecological bank in Germany, we invest in renewable energy.

News

Nextcloud lets users access and collaborate on documents, calendars and in video chats in the browser or through mobile apps. Over 200 apps extend Nextcloud functionality with features like playing music and movies, tracking your phone, reading news, mindmapping and more.

The Gentoo Foundation has partnered with Nitrokey to equip all Gentoo developers with free Nitrokey Pro 2 devices. Gentoo developers will use the Nitrokey devices to store cryptographic keys for signing of git commits and software packages, GnuPG keys, and SSH accounts.